To edit the ogc-sp.xml file with certificates and properties:
The following is a sample ogc-sp.xml file for reference.
Note that there are two long, multi-line strings inside the <ds:X509Certificate> tags. These are the placeholder certificates that you will overwrite with the site-specific certificates created in Generating Certificates. The first (under <md:KeyDescriptor use="signing">) is the certificate the Identity Provider uses to verify the SP's signed requests; the second (under <md:KeyDescriptor use="encryption">) is the one it uses to encrypt assertions for the SP. Shortened versions of the certificates are shown in this sample for demonstration purposes; the actual base64 strings will be much longer.
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor entityID="test.ibi.com" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <idpdisco:DiscoveryResponse xmlns:idpdisco="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://localhost:8080/spring-security-saml/login/auth/alias/localhost?disco=true"/>
    </md:Extensions>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>
MIIDoTCCAomgAwIBAgIEf6nJDTANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMxETAPBgNV
Ykym9tOG+m21eC5LgRX+qyfB+XE7OP24N/ccKYuJkcQdJKnJCFxgdC3xl45EfaEFh5bQ0UOZzzSM
cyNApOW+qssSOxRJyWbqAEOx3SxE
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>
MIIDpzCCAo+gAwIBAgIEIuaEgzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxETAPBgNV
0MaUTCLU1X94XcQJQ8zskBLSSw2jrf9rvGzBMHJrTphJGl0RluIpJWu0fWFhNRRxq61FwZzRl53j
5pHGZ2yxcPWefW05qqjX/ZZWkx8rxH/YnTvA
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://iwserv153.ibi.com:8080/ogc/saml/SingleLogout/alias/test.ibi.com"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://iwserv153.ibi.com:8080/ogc/saml/SingleLogout/alias/test.ibi.com"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://iwserv153.ibi.com:8080/ogc/saml/logout/SingleLogout/test.ibi.com"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://iwserv153.ibi.com:8080/ogc/saml/SSO/alias/test.ibi.com" index="0" isDefault="true"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://iwserv153.ibi.com:8080/ogc/saml/SSO/alias/test.ibi.com" index="1" isDefault="false"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
SSO configuration directory: \omnigen\omnigendata\sso
The long multi-line string between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- is the actual signing certificate (base64-encoded DER). Copy and paste only that string, without the BEGIN and END lines, into the ogc-sp.xml file between the <ds:X509Certificate> tags that sit below the <md:KeyDescriptor use="signing"> tag. When pasting, ensure that you overwrite the entire existing string; a leftover fragment of the sample certificate will make the value fail to decode.
The long multi-line string between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- is the actual encryption certificate (base64-encoded DER). Copy and paste only that string, without the BEGIN and END lines, into the ogc-sp.xml file between the <ds:X509Certificate> tags that sit below the <md:KeyDescriptor use="encryption"> tag. When pasting, ensure that you overwrite the entire existing string.
Set the entityID attribute of the <md:EntityDescriptor> tag to the same value used in the sso.properties file. For example:
<md:EntityDescriptor entityID="test.ibi.com"
Five service tags carry a Location URL that must reflect your deployment: three SingleLogoutService tags and two AssertionConsumerService tags. In the sample, the host and port (iwserv153.ibi.com:8080) and the trailing alias segment (test.ibi.com, the same value as the entityID) appear in each Location. The sample endpoints use plain http://; in production these endpoints should be served over HTTPS, since the SAML response carrying the user's assertion is posted to the AssertionConsumerService URL.
The five strings are located at the bottom of the ogc-sp.xml file as follows:
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://iwserv153.ibi.com:8080/ogc/saml/SingleLogout/alias/test.ibi.com"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://iwserv153.ibi.com:8080/ogc/saml/SingleLogout/alias/test.ibi.com"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://iwserv153.ibi.com:8080/ogc/saml/logout/SingleLogout/test.ibi.com"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://iwserv153.ibi.com:8080/ogc/saml/SSO/alias/test.ibi.com" index="0" isDefault="true"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://iwserv153.ibi.com:8080/ogc/saml/SSO/alias/test.ibi.com" index="1" isDefault="false"/>